Advanced

Data & Security

Data security is a core principle of Aimy. Here's how we protect your information.

Your Data Stays Yours

We never use your documents to train our AI models. Your knowledge base is yours alone — no other Aimy customer can access it, and we don't mine it for any purpose.

Where Processing Happens

Aimy hosts its own AI models (document indexing, search, and the Aimy-hosted chat models) on infrastructure we control. Your documents are uploaded to and indexed on our servers — they are not handed to a third-party cloud to store.

If you choose a third-party model (for example an OpenAI model, or any provider you connect via BYOK), then to answer a question Aimy sends that provider your prompt together with the relevant passages retrieved from your documents. In that case the question and those passages are processed by the provider you selected, under their terms. Aimy-hosted models keep the full request within our infrastructure.

Encryption

  • In transit — Traffic between your browser, our servers, and the AI layer is encrypted with TLS.
  • BYOK keys at rest — Your provider API keys are encrypted at rest using libsodium authenticated encryption (XSalsa20-Poly1305 secretbox) and are decrypted only when a request is made.
  • Access control — Documents and chat history are protected by authentication and strict per-company isolation (see below). Files themselves are stored on access-controlled servers.

Multi-Tenant Isolation

Each company's data is strictly isolated. Database queries always filter by company_id, and there is no cross-tenant data access. Your documents, chat history, and settings are visible only to members of your company.

Data Deletion

  • Individual documents — Delete any document from the Knowledge Base. The document and its vector embeddings are permanently removed.
  • Chat history — Delete individual conversations or clear all history.
  • Full account deletion — Request complete account deletion. All your data is permanently erased within 30 days.

Compliance

Aimy complies with the Malaysian Personal Data Protection Act (PDPA). For details, see our Privacy Policy and PDPA Notice.